We analyse the problem of solving Boolean equation systems through the use of structure graphs. 
The latter are obtained through an elegant set of Plotkin-style deduction rules. Our main contribution 
is that we show that equation systems with bisimilar structure graphs have the same solution. We 
show that our work conservatively extends earlier work, conducted by Keiren and Willemse, in which 
dependency graphs were used to analyse a subclass of Boolean equation systems, viz., equation 
systems in standard recursive form. We illustrate our approach by a small example, demonstrating 
the effect of simplifying an equation system through minimisation of its structure graph. 

1 Introduction 

Boolean equation systems (BESs) [8, 9] essentially consist of sequences of fixed-point equations in the 
Boolean lattice. Their merit is in their use for solving a variety of advanced verification problems in a 
uniform manner, viz., by solving the equation system itself; such problems include local and global model 
checking problems, see e.g. [0 and equivalence checking problems, see |[T0l HI. Through dedicated 
encodings that act on a combination of, e.g., labeled transition systems and temporal formulae, equation 
systems encoding a particular verification problem can be obtained efficiently, i.e., in polynomial time. 
The size of the resulting equation system is dependent on the input and the verification problem: the 
$\mu$-calculus model checking problem, for instance, yields equation systems of size $\mathcal{O}(nf)$, where $n$ is the 
size of the state space and $f$ the size of the modal formula. As a result, equation systems can suffer from 
a phenomenon akin to the state explosion problem. 

Solving an equation system is known to be a computationally hard problem: it is in NP $\cap$ co-NP, 
see, e.g. @; in fact, Jurdziński showed that it is in UP $\cap$ co-UP, see Q. Currently, the most efficient 
algorithm for solving equation systems (at least from a theoretical stance), is the bigstep algorithm¹ due 
to Schewe |[T2ll . This algorithm has run-time complexity $\mathcal{O}(n \cdot m^{\mathsf{ah}(\mathcal{E})/3})$, where $n$ corresponds to the 
number of equations in an equation system $\mathcal{E}$, $m$ to the cumulative size of the right-hand sides of these, 
and $\mathsf{ah}(\mathcal{E})$ to the number of alternations of fixed-point signs in the equation system. This run-time 
complexity provides a practical motivation for investigating methods for efficiently reducing the size of these 
parameters. In the absence of notions such as a behaviour of an equation system, an unorthodox strategy 
in this setting is the use of bisimulation-inspired minimisation techniques. Nevertheless, recent work by 
Keiren and Willemse Q demonstrates that two such minimisations are not only theoretically but also 
practically very cost-effective: they yield massive reductions of the size of equation systems, they do not 
come with memory penalties, and the time required for solving the original equation system significantly 
exceeds the time required for minimisation and subsequent solving of the minimised equation system. 

1 Technically, this algorithm is used to compute the set of winning states for a player in a Parity Game, but this problem is 
equivalent to the problem of solving an equation system. 
In ibid., the minimisations are only obtained for a strict subclass of equation systems, viz., equation 
systems in standard recursive form (SRF). The minimisation technique relies on bisimulation minimi- 
sations of dependency graphs (6l 13 underlying the equation systems in SRF. These graphs basically 
reflect the (possibly mutual) dependencies of the equations in an equation system in SRF. While from a 
practical viewpoint, the class of equation systems in SRF does not pose any limitations to the applicabil- 
ity of the method (every equation system can be brought into SRF without changing the solution to the 
proposition variables of the original equation system), the transformation comes at the cost of a blow-up 
in size. While this blow-up is only polynomial in size, its effects on the minimising capabilities were 
thus far not clear. As a result of our developed theory we are able to show that the reduction to SRF 
does not adversely affect the minimising capabilities of strong bisimulation. This follows from the fact 
that bisimilarity on structure graphs is a congruence for normalisation, i.e., an operation that transforms 
an equation system into SRF. More importantly, the required transformation into SRF complicates the 
development of meta-theory for equation systems. For instance, it hinders addressing questions such as 
whether the minimisation of equation systems is always favourable over minimising input specifications 
prior to encoding the problem as equation systems. 

The main problem in generalising the results that are obtained through the analysis of dependency 
graphs is that it is hard to elegantly capture the structure of an equation system, without resulting in a 
parse-tree of the equation system. In addition, the arbitrary nesting levels of Boolean operators in equation 
systems complicate a straightforward definition of bisimilarity for such general equation systems. 
We solve these issues by using a set of deduction rules in Plotkin style iPTTI to map the equation systems 
onto structure graphs. The latter generalise dependency graphs by dropping the requirement that each 
node necessarily represents a proposition variable occurring at the left-hand side of some equation and 
adding facilities for reasoning about Boolean constants true and false. Motivated by computational com- 
plexity, in defining our deduction rules, we necessarily must leverage between simplicity and coarseness. 
This is achieved by choosing to support only rules of commutativity and associativity of the Boolean 
operators, and not, e.g., distributivity and absorption rules. The rationale behind this choice is that com- 
mutativity and associativity, which are hard-coded in equation systems in SRF (and therefore in their 
underlying dependency graphs) have proven to be sufficiently powerful for obtaining reductions from an 
arbitrary number of equations to a single equation. 

Related Work. Various types of graphs for Boolean equation systems have appeared in the litera- 
ture. In [9], Mader considers dependency graphs consisting of nodes representing equations and edges 
representing the fact that one equation depends on the value of another equation. The structure of the 
right-hand sides of the equations can in no sense be captured by these graphs. Keinänen @ extends 
the dependency graphs of Mader by decorating the nodes with at most one of the Boolean operators $\wedge$ 
and $\vee$, and, in addition, a natural number that abstractly represents the fixed-point sign of the equation. 
However, the dependency graphs of ibid., only allow for capturing equation systems in SRF. Keiren 
and Willemse [7] use these dependency graphs to investigate two notions of bisimulation, viz., strong 
bisimulation, and a weakened variation thereof, called idempotence-identifying bisimulation, and their 
theoretical and practical use for minimising equation systems. The dependency graphs of [6113, in turn, 
are closely related to Parity Games, in which players aim to win an infinite game. It has been shown 
that the latter problem is equivalent to solving a Boolean equation system. Simulation relations for Par- 
ity Games have been studied in, among others J3- Finally, we mention the framework of Switching 
Graphs 0, which have two kinds of edges: ordinary edges and switches, which can be set to one of two 
destinations. Switching Graphs are more general than dependency graphs, but are still inadequate for 
directly capturing the structure of the entire class of Boolean equation systems. Note that in this setting, 
the $\nu$-parity loop problem is equivalent to the problem of solving Boolean equation systems. 



Outline. For completeness, we provide a brief overview of the formal framework of Boolean equation 
systems in Section 2. Section 3 subsequently introduces the concept of a structure graph and presents deduction 
rules for generating these from an equation system. Our main results are presented in Section 4, 
and an application thereof can be found in Section 5. Section 6 finishes with concluding remarks. 



2 Preliminaries 

A Boolean equation system is a finite sequence of least and greatest fixed point equations, where each 
right-hand side of an equation is a proposition in positive form. For an in-depth treatment of the associated 
theory for model checking the modal $\mu$-calculus, we refer to 0. In the remainder of this section, 
we outline only the theory that is required for understanding the results obtained in this paper. 

Definition 2.1. A Boolean equation system (BES) $\mathcal{E}$ is defined by the following grammar: 

$$\mathcal{E} ::= \epsilon \mid (\sigma X = f)\,\mathcal{E}$$
$$f, g ::= c \mid X \mid f \vee g \mid f \wedge g$$

where $\epsilon$ is the empty BES, $\sigma \in \{\mu, \nu\}$ is a fixed point symbol, $X$ is a proposition variable taken from some 
set $\mathcal{X}$, $f$ is a proposition formula and $c$ is either constant true or false. 

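For any equation system $\mathcal{E}$, the set of bound proposition variables, $\mathsf{bnd}(\mathcal{E})$, is the set of variables 
occurring at the left-hand side of some equation in $\mathcal{E}$. The set of occurring proposition variables, $\mathsf{occ}(\mathcal{E})$, 
is the set of variables occurring at the right-hand side of some equation in $\mathcal{E}$. 

$$\mathsf{bnd}(\epsilon) = \emptyset \qquad \mathsf{bnd}((\sigma X = f)\,\mathcal{E}) = \mathsf{bnd}(\mathcal{E}) \cup \{X\}$$

$$\mathsf{occ}(\epsilon) = \emptyset \qquad \mathsf{occ}((\sigma X = f)\,\mathcal{E}) = \mathsf{occ}(\mathcal{E}) \cup \mathsf{occ}(f)$$

where $\mathsf{occ}(f)$ is defined inductively as follows: 

$$\mathsf{occ}(c) = \emptyset \qquad \mathsf{occ}(X) = \{X\}$$

$$\mathsf{occ}(f \vee g) = \mathsf{occ}(f) \cup \mathsf{occ}(g) \qquad \mathsf{occ}(f \wedge g) = \mathsf{occ}(f) \cup \mathsf{occ}(g)$$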

We say that an equation system $\mathcal{E}$ is closed whenever $\mathsf{occ}(\mathcal{E}) \subseteq \mathsf{bnd}(\mathcal{E})$. Intuitively, a (closed) equation 
system uniquely assigns truth values to its bound proposition variables, provided that every bound 
variable occurs only at the left-hand side of a single equation in an equation system. In such a case, we 
call the equation system well-formed. As usual, we only consider well-formed equation systems. Well-formedness 
enables us to define an ordering $\trianglelefteq$ on bound variables of an equation system $\mathcal{E}$, denoted 
$X \trianglelefteq X'$, indicating that the equation for $X$ precedes the equation for $X'$ in the equation system $\mathcal{E}$. 



Formally, proposition formulae are interpreted in a context of an environment $\eta : \mathcal{X} \to \mathbb{B}$. For an 
arbitrary environment $\eta$, we write $\eta[X := b]$ for the environment $\eta$ in which the proposition variable $X$ 
has Boolean value $b$ and all other proposition variables $X'$ have value $\eta(X')$. Note that, for reading ease, 
we do not formally distinguish between a semantic Boolean value and its representation by true and 
false; likewise, for the operands $\wedge$ and $\vee$. 



Reniers & Willemse 






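Definition 2.2. Let $\eta : \mathcal{X} \to \mathbb{B}$ be an environment. The interpretation $[\![f]\!]\eta$ maps a proposition formula $f$ 
to true or false: 

The solution of a BES, given an environment $\eta$, is inductively defined as follows: 

$$[\![\epsilon]\!]\eta = \eta$$

$$[\![(\sigma X = f)\,\mathcal{E}]\!]\eta = \begin{cases} [\![\mathcal{E}]\!](\eta[X := [\![f]\!]([\![\mathcal{E}]\!]\eta[X := \mathsf{false}])]) & \text{if } \sigma = \mu \\ [\![\mathcal{E}]\!](\eta[X := [\![f]\!]([\![\mathcal{E}]\!]\eta[X := \mathsf{true}])]) & \text{if } \sigma = \nu \end{cases}$$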

The tree-like recursive definition of a solution makes it intricately complex. On the one hand, it can 
be shown that a solution to an equation system still verifies every equation (in the sense that the value 
at the left-hand side is logically equivalent to the value at the right-hand side of the equation). At the 
same time, the fixed-point signs of left-most equations outweigh the fixed-point signs of those equations 
that follow, i.e., the fixed-point signs of leftmost equations are more important. As a consequence, the 
solution is order-sensitive: the solution to $(\mu X = Y)\,(\nu Y = X)$, yielding all false, differs from the solution 
to $(\nu Y = X)\,(\mu X = Y)$, yielding all true. 

Closed equation systems enjoy the property that the solution to the equation system is independent 
of the environment in which it is defined, i.e., for all environments $\eta, \eta'$, we have $[\![\mathcal{E}]\!]\eta(X) = [\![\mathcal{E}]\!]\eta'(X)$ 
for all $X \in \mathsf{bnd}(\mathcal{E})$. For this reason, we henceforth refrain from writing the environment explicitly in all 
our considerations dealing with closed equation systems, i.e., we write $[\![\mathcal{E}]\!]$ and $[\![\mathcal{E}]\!](X)$ instead of the 
more verbose $[\![\mathcal{E}]\!]\eta$ and $[\![\mathcal{E}]\!]\eta(X)$. 
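
The recursive definition of the solution, its order-sensitivity and the environment independence of closed systems can be executed directly. The following Python program is an added example, not part of the original paper; the tuple encoding of formulae, the function names and the sample system NESTED are assumptions made for illustration.

```python
"""Solving a Boolean equation system by the recursive definition of its solution."""

# Formulae are nested tuples; this encoding is an assumption of the example.
def var(x): return ("var", x)
def conj(f, g): return ("and", f, g)
def disj(f, g): return ("or", f, g)
TRUE, FALSE = ("const", True), ("const", False)

def evaluate(f, env):
    """Interpret formula f under environment env (dict: variable name -> bool)."""
    kind = f[0]
    if kind == "const":
        return f[1]
    if kind == "var":
        return env[f[1]]
    left, right = evaluate(f[1], env), evaluate(f[2], env)
    return (left and right) if kind == "and" else (left or right)

def solve(system, env=None):
    """Solution of `system`, a list of (sign, variable, formula), sign in {"mu", "nu"}.

    Mirrors the two-case definition: the first equation is evaluated in the
    solution of the remaining equations, computed with X preset to false (mu)
    or true (nu); the remainder is then solved again with the value found.
    The nested recursion makes the running time exponential in the length.
    """
    env = dict(env or {})
    if not system:                        # the empty system returns the environment
        return env
    (sign, x, f), rest = system[0], system[1:]
    start = (sign == "nu")                # mu starts from false, nu from true
    inner = solve(rest, {**env, x: start})
    value = evaluate(f, inner)
    return solve(rest, {**env, x: value})

def verifies_equations(system, solution):
    """True iff every left-hand side equals its right-hand side under `solution`."""
    return all(solution[x] == evaluate(f, solution) for _, x, f in system)

# The two orderings discussed in the text.
MU_FIRST = [("mu", "X", var("Y")), ("nu", "Y", var("X"))]
NU_FIRST = [("nu", "Y", var("X")), ("mu", "X", var("Y"))]
# Constructed system with nested operators (not taken from the paper).
NESTED = [
    ("nu", "X", conj(var("Y"), disj(var("X"), var("Z")))),
    ("mu", "Y", disj(var("X"), var("Y"))),
    ("mu", "Z", conj(var("Z"), var("X"))),
]

if __name__ == "__main__":
    for name, system in [("mu first", MU_FIRST), ("nu first", NU_FIRST), ("nested", NESTED)]:
        solution = solve(system)
        print(name, solution, "verifies equations:", verifies_equations(system, solution))
    # Closed systems: the initial environment does not influence bound variables.
    print(solve(MU_FIRST, {"X": True, "Y": True}) == solve(MU_FIRST))
```
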

An academic example illustrating the typical purpose of equation systems is given below. 

Example 2.3. Consider the labeled transition system (depicted below), modelling mutual exclusion be- 
tween two readers and a single writer. 




Reading is started using an action $r_s$ and action $r_e$ indicates its termination. Likewise for writing. The 
verification problem $\nu X.\mu Y.\langle r_s\rangle X \vee \langle\overline{r_s}\rangle Y$, modelling that on some path, a reader can infinitely often start 
reading, translates to the following equation system: 

$$(\nu X_{s_0} = Y_{s_0})\ (\nu X_{s_1} = Y_{s_1})\ (\nu X_{s_2} = Y_{s_2})\ (\nu X_{s_3} = Y_{s_3})$$

$$(\mu Y_{s_0} = X_{s_1} \vee Y_{s_1})\ (\mu Y_{s_1} = X_{s_2} \vee Y_{s_0})\ (\mu Y_{s_2} = Y_{s_1})\ (\mu Y_{s_3} = Y_{s_0})$$

Observe that, like the original $\mu$-calculus formula, the resulting equation system has mutual dependencies 
between $X$ and $Y$ proposition variables. Solving the resulting equation system leads to true for all 
bound variables; $X_{s_i} = \mathsf{true}$, for arbitrary state $s_i$, implies that the property holds in state $s_i$. □ 

The lemma below states that an equation $(\sigma X = f)$ in an equation system can be moved arbitrarily 
close to the end in that equation system, so long as all the proposition variables that occur in $f$ are 
bound by equations that precede the equation for $X$. Moreover, in the special case that $X \notin \mathsf{occ}(f)$, the 
fixed-point sign of the equation for $X$ is immaterial, and can thus be changed at will. 

Lemma 2.4. Let $\sigma'$ denote an arbitrary fixed-point sign. If $\mathsf{occ}(f) \cap \mathsf{bnd}((\sigma X = f)\,\mathcal{E}_1\,\mathcal{E}_2) = \emptyset$, then for 
all environments $\eta$: 

$$[\![\mathcal{E}_0\,(\sigma X = f)\,\mathcal{E}_1\,\mathcal{E}_2]\!]\eta = [\![\mathcal{E}_0\,\mathcal{E}_1\,(\sigma' X = f)\,\mathcal{E}_2]\!]\eta$$
Proof. Due to Lemma 3.14 of 0, it suffices to prove the above equivalence for $\mathcal{E}_0 = \epsilon$. The resulting 
equivalence then follows via an induction on the length of $\mathcal{E}_1$. The inductive step is non-trivial. □ 

Note that a variation of the above lemma in which $X \in \mathsf{occ}(f)$ does not admit a change of fixed-point 
sign, but, otherwise, the equivalence still holds. In several practical and theoretical cases, it suffices 
to consider equation systems in which the right-hand sides of the equations are of a particular shape. 
The following definition formally introduces equation systems in standard recursive form, which is used 
in 0. The introduced syntax takes advantage of the fact that the semantics of proposition formulae 
satisfies the usual rules of Boolean logic such as associativity and commutativity of $\wedge$ and $\vee$. 

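Definition 2.5. A Boolean equation system $\mathcal{E}$ in standard recursive form (SRF) is defined by the following 
grammar: 

$$\mathcal{E} ::= \epsilon \mid (\sigma X = f)\,\mathcal{E}$$

$$f ::= X \mid \bigvee F \mid \bigwedge F, \text{ where } F \subseteq \mathcal{X}, \text{ with } |F| > 0.$$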



The solution to $\mathcal{E}$ is given by Definition 2.2 where proposition formulae in SRF are interpreted as follows 
(note that we write $\eta(F)$ to indicate that $\eta$ is applied to every variable $X$ in $F$): 

$$[\![X]\!]\eta = \eta(X) \qquad [\![\bigwedge F]\!]\eta = \bigwedge \eta(F) \qquad [\![\bigvee F]\!]\eta = \bigvee \eta(F)$$

Observe that every equation system $\mathcal{E}$ can be rewritten to an equation system $\tilde{\mathcal{E}}$ in SRF such that 
$[\![\mathcal{E}]\!]\eta(X) = [\![\tilde{\mathcal{E}}]\!]\eta(X)$ for all $X \in \mathsf{bnd}(\mathcal{E})$, i.e., the transformation to SRF preserves and reflects the 
solution of bound variables. This transformation leads to a polynomial blow-up of the original equation 
system. Lemma 2.4 provides the foundations for our results in Section 4, where it underpins the soundness 
of normalisation, i.e., the process of turning an equation system into SRF. 

Next, we consider the rank of an equation system (both standard and in SRF), and the derived notion 
of the alternation hierarchy of an equation system. The hierarchy can be thought of as the number of 
syntactic alternations of fixed point signs occurring in the equation system. Note that the alternation 
hierarchy is an over-approximation of the alternation depth, which is a measure for the complexity 
of an equation system, measuring the degree of mutual alternating dependencies. Theoretically, the 
alternation depth is in many cases smaller than the alternation hierarchy; practically, it is harder to define 
and compute than the alternation hierarchy. 

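Definition 2.6. Let $\mathcal{E}$ be an arbitrary equation system. The rank of some $X \in \mathsf{bnd}(\mathcal{E})$, denoted $\mathsf{rank}(X)$, 
is defined as $\mathsf{rank}(X) = \mathsf{rank}_{\nu,X}(\mathcal{E})$, where $\mathsf{rank}_{\sigma,X}(\mathcal{E})$ is defined inductively as follows: 

$$\mathsf{rank}_{\sigma,X}(\epsilon) = 0$$

$$\mathsf{rank}_{\sigma,X}((\sigma' Y = f)\,\mathcal{E}) = \begin{cases} 0 & \text{if } \sigma = \sigma' \text{ and } X = Y \\ \mathsf{rank}_{\sigma,X}(\mathcal{E}) & \text{if } \sigma = \sigma' \text{ and } X \neq Y \\ 1 + \mathsf{rank}_{\sigma',X}((\sigma' Y = f)\,\mathcal{E}) & \text{if } \sigma \neq \sigma' \end{cases}$$

The alternation hierarchy $\mathsf{ah}(\mathcal{E})$ is the difference between the maximum and the minimum of the ranks of 
the equations of $\mathcal{E}$. Observe that $\mathsf{rank}(X)$ is odd iff $X$ is defined in a least fixed-point equation. 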

The following lemma states that equations with equal ranks can be switched without affecting the 
solution. This result is well-known, and follows from Bekič's principle. 

Lemma 2.7. Let $\mathcal{E}_0\,(\sigma X = f)\,\mathcal{E}_1\,(\sigma' Y = g)\,\mathcal{E}_2$ be an arbitrary equation system with $\mathsf{rank}(X) = \mathsf{rank}(Y)$. 
Then for arbitrary environment $\eta$, we have: 

$$[\![\mathcal{E}_0\,(\sigma X = f)\,\mathcal{E}_1\,(\sigma' Y = g)\,\mathcal{E}_2]\!]\eta = [\![\mathcal{E}_0\,(\sigma' Y = g)\,\mathcal{E}_1\,(\sigma X = f)\,\mathcal{E}_2]\!]\eta$$
Finally, for the purpose of comparison with the structure graphs we define in the next section, we 
introduce the dependency graph $(V, \to, r, l)$ as a derived notion of an equation system $\mathcal{E}$ in SRF (see 0), 
where: 

• $V = \mathsf{bnd}(\mathcal{E})$ is a set of nodes; 

• $\to\ \subseteq V \times V$ is the transition relation, defined as $X \to Y$ iff $Y \in \mathsf{occ}(f)$ for $\sigma X = f \in \mathcal{E}$; 

• $r : V \to \mathbb{N}$ is the rank function, defined as $r(X) = \mathsf{rank}(X)$; 

• $l : V \to \{\wedge, \vee, \bot\}$ is the logic function, where $l(X)$ is the Boolean operator in $\sigma X = f \in \mathcal{E}$, or $\bot$ if 
there is no Boolean operator. 

3 Structure Graphs for Boolean Equation Systems 

A large part of the complexity of equation systems is attributed to the mutual dependencies between 
the equations. For closed equation systems in SRF, these intricate dependencies are captured neatly 
by the dependency graphs. For arbitrary equation systems, the situation is more complicated. We first 
generalise the notion of a dependency graph to a structure graph, and show that the resulting structure 
is still adequate for closed equation systems in SRF. We then proceed to show that arbitrary non-empty 
closed equation systems can be mapped onto a structure graph. 

3.1 Structure Graphs 

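Definition 3.1. A structure graph is a finite, vertex-labeled graph $\mathcal{G} = (T, t, \to, d)$, where: 

• $T$ is a finite set of proposition formulae; 

• $t \in T$ is the initial formula; 

• $\to\ \subseteq T \times T$ is a dependency relation; 

• $d : T \to (2^{D_\blacktriangle} \cup 2^{D_\blacktriangledown} \cup 2^{D_\top} \cup 2^{D_\bot})$, where, for $\bullet \in \{\blacktriangle, \blacktriangledown, \top, \bot\}$, $D_\bullet = \mathbb{N} \cup \{\bullet\}$, is a term decoration 
mapping; 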

A structure graph allows for capturing the dependencies between bound variables and (sub)formulae 
occurring in the equations of such bound variables. Intuitively, the decoration function d reflects the 
important information in an arbitrary equation or formula, such as the ranks of the bound variables, and 
the indication that the top symbol of a proposition formula is true (represented by $\top$), false (represented 
by $\bot$), a conjunction (represented by $\blacktriangle$) or a disjunction (represented by $\blacktriangledown$). We say some node $t$ is 
decorated by some symbol $\star$ whenever $\star \in d(t)$. Our rather liberal choice for the decoration function 
of nodes is motivated by possible future extensions of the theory that deal with open equation systems 
and complex forms of composition; we believe that sets of natural numbers are essential ingredients 
for accommodating such extensions. Observe that for closed equation systems, at most a single natural 
number would suffice. One can easily define bisimilarity on structure graphs. 

Definition 3.2. Let $\mathcal{G} = (T, t, \to, d)$ and $\mathcal{G}' = (T', t', \to', d')$ be structure graphs. A relation $R \subseteq T \times T'$ 
is a bisimulation relation if for all $(u, u') \in R$ 

• $d(u) = d'(u')$; 

• for all $v \in T$, if $u \to v$, then $u' \to' v'$ for some $v' \in T'$ such that $(v, v') \in R$; 

• for all $v' \in T'$, if $u' \to' v'$, then $u \to v$ for some $v \in T$ such that $(v, v') \in R$. 

The structure graphs $\mathcal{G}$ and $\mathcal{G}'$ are bisimilar, notation $\mathcal{G} \mathrel{\underline{\leftrightarrow}} \mathcal{G}'$, if there exists a bisimulation relation $R$ 
such that $(t, t') \in R$. 

Next, we show how, under some mild conditions, a formula and equation system can be associated 
to a structure graph. Later in the paper this transformation will be used. 

A structure graph $\mathcal{G} = (T, t, \to, d)$ is called BESsy if it satisfies the following five constraints: 

• a node $t$ decorated by $\top$ or $\bot$ has no successor w.r.t. $\to$. 

• a node is decorated by $\blacktriangle$ or $\blacktriangledown$ or a rank iff it has a successor w.r.t. $\to$. 

• a node with multiple successors w.r.t. $\to$ is decorated with $\blacktriangle$ or $\blacktriangledown$. 

• a node with rank 0 or 1 is reachable, and the ranks of all reachable nodes form a closed interval. 

• every cycle contains a node with a rank. 

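Observe that BESsyness is preserved under bisimilarity. For a BESsy structure graph $\mathcal{G} = (T, t, \to, d)$ 
the function term and the partial function rhs are defined as follows: 

$$\mathsf{term}(u) = \begin{cases} \sqcap\{\mathsf{term}(u') \mid u \to u'\} & \text{if } d(u) = \{\blacktriangle\}, \\ \sqcup\{\mathsf{term}(u') \mid u \to u'\} & \text{if } d(u) = \{\blacktriangledown\}, \\ \mathsf{true} & \text{if } \top \in d(u), \\ \mathsf{false} & \text{if } \bot \in d(u), \\ X_u & \text{otherwise,} \end{cases}$$

$$\mathsf{rhs}(u) = \begin{cases} \sqcap\{\mathsf{term}(u') \mid u \to u'\} & \text{if } \blacktriangle \in d(u), \\ \sqcup\{\mathsf{term}(u') \mid u \to u'\} & \text{if } \blacktriangledown \in d(u), \\ \mathsf{term}(u') & \text{otherwise, where } u' \text{ is such that } u \to u'. \end{cases}$$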

In the definition of the functions term and rhs, the symbols $\sqcap$ and $\sqcup$ are used as a shorthand for a nested 
application of $\wedge$ and $\vee$. Let $<$ be a total order on $\mathcal{X} \cup \{\mathsf{true}, \mathsf{false}\}$. Assuming that $<$ is lifted to a total 
ordering on formulae, we define for formula $t$ smaller than all formulae in $T$ w.r.t. $<$ 

$$\sqcap\{t\} = t \qquad \sqcap(\{t\} \cup T) = t \wedge (\sqcap T) \qquad \sqcup\{t\} = t \qquad \sqcup(\{t\} \cup T) = t \vee (\sqcup T)$$

Definition 3.3. Let $\mathcal{G} = (T, t, \to, d)$ be a BESsy structure graph. The formula (and equation system) 
associated to $\mathcal{G}$, denoted $\varphi_{\mathcal{G}}$, is the formula $\mathsf{term}(t)$ in the context of the equation system $\mathcal{E}$ defined below. 
To each node $u \in T$ such that $d(u) \cap \mathbb{N} \neq \emptyset$, we associate an equation of the form 

$$\sigma X_u = \mathsf{rhs}(u)$$

where $\sigma$ is $\mu$ in case the maximal rank, provided it exists, associated to the node is odd, and $\nu$ otherwise. 
The equation system $\mathcal{E}$ is obtained by ordering the equations from left-to-right based on the ranks of the 
variables. 



3.2 Structure graphs for equation systems in SRF 

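Next, for every formula (not only the variables) in the context of an equation system $\mathcal{E}$ in SRF, we define 
the dependency relation and the decorations of formulae denoted by the transition relation $\_ \to \_$ and the 
predicates $\_\top$, $\_\bot$, $\_\blacktriangle$, $\_\blacktriangledown$, and $\_ \pitchfork n$. It should be noted that for decorating the proposition variables 
with the rank we use the function rank that is defined before. By means of the following deduction rules 
a structure graph is associated to each formula given a non-empty equation system $\mathcal{E}$ in SRF: 

$$\frac{\sigma X = \bigwedge F \in \mathcal{E}}{X\blacktriangle} \qquad \frac{\sigma X = \bigvee F \in \mathcal{E}}{X\blacktriangledown} \qquad \frac{\sigma X = f \in \mathcal{E} \quad Y \in \mathsf{occ}(f)}{X \to Y} \qquad \frac{X \in \mathsf{bnd}(\mathcal{E}) \quad \mathsf{rank}(X) = n}{X \pitchfork n}$$

$$\frac{}{\bigwedge F\,\blacktriangle} \qquad \frac{}{\bigvee F\,\blacktriangledown} \qquad \frac{X \in F}{\bigwedge F \to X} \qquad \frac{X \in F}{\bigvee F \to X}$$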

The structure graph associated to a formula $t$ in the context of an equation system $\mathcal{E}$ is denoted 
$\mathcal{G}_{\mathcal{E},t}$. For an equation system $\mathcal{E}$, let $X \in \mathsf{bnd}(\mathcal{E})$ be the least element w.r.t. $\trianglelefteq$. Then, the structure graph 
associated to $\mathcal{E}$, denoted by $\mathcal{G}_{\mathcal{E}}$, is the structure graph of the variable $X$ in the context of $\mathcal{E}$. Structure 
graphs obtained from the SOS for Boolean equation systems in SRF satisfy the following restrictions. 

Lemma 3.4. Let $\mathcal{E}$ be a non-empty closed Boolean equation system in SRF and let $\mathcal{G}_{\mathcal{E}} = (T, X, \to, d)$ be 
the structure graph associated to $\mathcal{E}$. 

1. All nodes correspond to propositional variables: For all $t \in T$, we have $t \in \mathsf{bnd}(\mathcal{E}) \cup \mathsf{occ}(\mathcal{E})$; 

2. A node is ranked iff it is a bound variable: For all $t \in T$, we have $d(t) \cap \mathbb{N} \neq \emptyset$ iff $t \in \mathsf{bnd}(\mathcal{E})$; 

3. At most one rank is assigned to a node: For all $t \in T$, we have $|d(t) \cap \mathbb{N}| \leq 1$. 

Proof. These properties follow easily from the deduction rules. □ 

Lemma 3.5. For a non-empty closed equation system $\mathcal{E}$ in SRF the structure graph $\mathcal{G}_{\mathcal{E}}$ is isomorphic to 
the dependency graph defined for it in [7]. 

Proof. The properties given in Lemma 3.4 precisely characterise the dependency graphs from Q. □ 

3.3 Structure graphs for non-empty closed equation systems 

Next, we define structure graphs not for the class of equation systems in SRF but for arbitrary closed non- 
empty equation systems. First, as before, nodes representing bound propositional variables are labeled 
by a natural number representing the rank of the variable in the equation system: 

$$\frac{X \in \mathsf{bnd}(\mathcal{E}) \quad \mathsf{rank}(X) = n}{X \pitchfork n}$$

A clear difference between equation systems in SRF and the more general class of equation systems 
is that in the latter only a binary version of conjunction and disjunction is available. A question that needs 
to be answered is "How to capture this structure in the structure graph?" One way of doing so would be 
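to precisely reflect the structure of the right-hand side. For a right-hand side of the form $X \wedge (Y \wedge Z)$ this 
results in the structure graph depicted below (left), where we assume that the ranks of the variables $X$, $Y$, 
and $Z$ are 1, 2, and 3, respectively: 

[Figure: left, a structure graph with nodes $X \wedge (Y \wedge Z)$ ($\blacktriangle$), $Y \wedge Z$ ($\blacktriangle$), $X$ (rank 1), $Y$ (rank 2) and $Z$ (rank 3); right, the corresponding graph for $\bigwedge\{X, Y, Z\}$.] 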
A drawback of this solution is that, in general, the logical equivalence between $\bigwedge\{X, Y, Z\}$ and the 
formula $X \wedge (Y \wedge Z)$ is not reflected by bisimilarity. Retaining this logical equivalence (and hence 
associativity and commutativity) of both conjunction and disjunction is desirable to approximate the power 
of dependency graphs in reducing w.r.t. bisimilarity. 

Another syntactic difference between equation systems in SRF described in [7] and the more general 
class of equation systems discussed in this paper is that the logical connectives for conjunction ($\wedge$) and 
disjunction ($\vee$) may occur nested in the right-hand side of the same Boolean equation. This is solved by 
reflecting a change in leading operator in the structure graph. So the anticipated structure of the structure 
graph for $X \wedge (Y \wedge (Z \vee X))$, where, again, we assume that the ranks of the variables $X$, $Y$, and $Z$ are 1, 2, 
and 3, respectively, is: 

[Figure: structure graph with nodes $X \wedge (Y \wedge (Z \vee X))$ ($\blacktriangle$), $Z \vee X$ ($\blacktriangledown$), $X$ (rank 1), $Y$ (rank 2) and $Z$ (rank 3).] 

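This can be elegantly achieved by means of the following deduction rules for the decorations and the 
dependency transition relation $\to$. 

$$\frac{}{\mathsf{true}\,\top} \qquad \frac{}{\mathsf{false}\,\bot} \qquad \frac{}{t \wedge t'\,\blacktriangle} \qquad \frac{}{t \vee t'\,\blacktriangledown} \qquad \frac{t\blacktriangle \quad t \to u}{t \wedge t' \to u} \qquad \frac{t'\blacktriangle \quad t' \to u'}{t \wedge t' \to u'}$$

$$\frac{t\blacktriangledown \quad t \to u}{t \vee t' \to u} \qquad \frac{t'\blacktriangledown \quad t' \to u'}{t \vee t' \to u'} \qquad \frac{\neg t\blacktriangle}{t \wedge t' \to t} \qquad \frac{\neg t'\blacktriangle}{t \wedge t' \to t'} \qquad \frac{\neg t\blacktriangledown}{t \vee t' \to t} \qquad \frac{\neg t'\blacktriangledown}{t \vee t' \to t'}$$

The first four deduction rules for $\to$ are introduced to flatten the nesting hierarchy of the same connective. 
They can be used to deduce that $X \wedge (Y \wedge Z) \to Y$. The latter four deduction rules describe the 
dependencies in case there is no flattening possible anymore (by absence of structure). For example 
$X \wedge Y \to X$ is derived by means of the first of these deduction rules. 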

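Example 3.6. The proposition formula $(X \wedge (Z \vee (Y \vee X))) \wedge Z$ results in the following structure graph 
fragment. The subgraphs generated by the equations for $X$, $Y$, and $Z$ are omitted from this example. 

[Figure: structure graph fragment with the node $(X \wedge (Z \vee (Y \vee X))) \wedge Z$ ($\blacktriangle$), the node $Z \vee (Y \vee X)$ ($\blacktriangledown$), and the nodes $X$, $Y$ and $Z$.] 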

It should be noted that all these predicates and transitions are defined in the context of one and the 
same equation system. 

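Finally, we present deduction rules that describe how the structure of a node representing a variable is 
derived from the right-hand side of the corresponding equation. The third deduction rule defines this for 
the case that the right-hand side is a variable, the last two deduction rules for the cases it is a proposition 
formula that is not a variable. 

$$\frac{\sigma X = t \in \mathcal{E} \quad t\blacktriangledown}{X\blacktriangledown} \qquad \frac{\sigma X = t \in \mathcal{E} \quad t\blacktriangle}{X\blacktriangle} \qquad \frac{\sigma X = t \in \mathcal{E} \quad \neg t\blacktriangle \quad \neg t\blacktriangledown}{X \to t}$$

$$\frac{\sigma X = t \in \mathcal{E} \quad t\blacktriangledown \quad t \to u}{X \to u} \qquad \frac{\sigma X = t \in \mathcal{E} \quad t\blacktriangle \quad t \to u}{X \to u}$$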
Example 3.7. An equation system (see left) and its associated structure graph (see right). Observe that 
the term $X \wedge Y$ is shared by the equations for $X$ and $Y$, and appears only once as a node in the structure 
graph as an unranked node. The equation for $Z$ is represented by term $Z$, and is decorated only by the 
rank of the equation for $Z$. The subterm $Z \vee W$ in the equation for $W$ does not appear as a separate node 
in the structure graph, since the disjunctive subterm occurs within the scope of another disjunction. 

$$\mu X = (X \wedge Y) \vee Z$$
$$\nu Y = W \vee (X \wedge Y)$$
$$\mu Z = Z$$
$$\mu W = Z \vee (Z \vee W)$$

[Figure: structure graph with nodes $X \wedge Y$ ($\blacktriangle$, unranked), $X$ ($\blacktriangledown$, rank 1), $Y$ ($\blacktriangledown$, rank 2), $Z$ (rank 3) and $W$ ($\blacktriangledown$, rank 3).] 

□ 

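The structure graph associated to a formula $t$ in the context of an equation system $\mathcal{E}$ is denoted 
$\mathcal{G}_{\mathcal{E},t}$. For an equation system $\mathcal{E}$, let $X \in \mathsf{bnd}(\mathcal{E})$ be the least element w.r.t. $\trianglelefteq$. Then, the structure graph 
associated to $\mathcal{E}$, denoted by $\mathcal{G}_{\mathcal{E}}$, is the structure graph of the variable $X$ in the context of $\mathcal{E}$. 

Lemma 3.8. Let $\mathcal{E}$ be a non-empty closed equation system. Let $t$, $t'$, and $t''$ be arbitrary proposition 
formulae such that $\mathsf{occ}(t) \cup \mathsf{occ}(t') \cup \mathsf{occ}(t'') \subseteq \mathsf{bnd}(\mathcal{E})$. Then the following hold: 

$$\mathcal{G}_{\mathcal{E},(t \wedge t') \wedge t''} \mathrel{\underline{\leftrightarrow}} \mathcal{G}_{\mathcal{E},t \wedge (t' \wedge t'')}, \quad \mathcal{G}_{\mathcal{E},(t \vee t') \vee t''} \mathrel{\underline{\leftrightarrow}} \mathcal{G}_{\mathcal{E},t \vee (t' \vee t'')}, \quad \mathcal{G}_{\mathcal{E},t \wedge t'} \mathrel{\underline{\leftrightarrow}} \mathcal{G}_{\mathcal{E},t' \wedge t}, \quad \mathcal{G}_{\mathcal{E},t \vee t'} \mathrel{\underline{\leftrightarrow}} \mathcal{G}_{\mathcal{E},t' \vee t}$$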

Proof. The proofs are easy. For example, the bisimulation relation that witnesses bisimilarity of $(t \wedge t') \wedge t''$ 
and $t \wedge (t' \wedge t'')$ is the relation that relates all formulae of the form $(u \wedge u') \wedge u''$ and $u \wedge (u' \wedge u'')$ and 
additionally contains the identity relation on formulae. Proofs of the "transfer conditions" are easy as 
well. As an example, suppose that $(u \wedge u') \wedge u'' \to v$ for some formula $v$. In case this transition is due 
to $u \wedge u'\,\blacktriangle$ and $u \wedge u' \to v$, one of the cases that occurs for $u \wedge u' \to v$ is that $u\blacktriangle$ and $u \to v$. We obtain 
$u \wedge (u' \wedge u'') \to v$. Since $v$ and $v$ are related, this finishes the proof of the transfer condition in this case. 
All other cases are similar or at least equally easy. □ 

Idempotency of A and V, and more involved logical equivalences such as distribution and absorption 
are not captured by isomorphism or even bisimilarity on the structure graphs. The reason is that a right- 
hand side $X \wedge X$ will be decorated by $\blacktriangle$, whereas a right-hand side $X$ is not! 
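
The flattening rules of Section 3.3, Lemma 3.8 and the remark on idempotency can be checked mechanically. The following Python program is an added example, not part of the original paper; the tuple encoding of formulae, the function names and the context system $(\mu X = X)\,(\nu Y = Y)\,(\mu Z = Z)$ are assumptions made for illustration, and a variable is assumed to carry a conjunction or disjunction decoration only when its own right-hand side has that top-level operator.

```python
"""Structure graphs for closed equation systems and a bisimilarity check."""

def var(x): return ("var", x)
def conj(f, g): return ("and", f, g)
def disj(f, g): return ("or", f, g)

def ranks(system):
    """Definition 2.6: a leading nu-block has rank 0; every sign change adds 1."""
    result, previous, rank = {}, "nu", 0
    for sign, x, _ in system:
        if sign != previous:
            rank, previous = rank + 1, sign
        result[x] = rank
    return result

def subterms(t, acc):
    acc.add(t)
    for child in (t[1:] if t[0] in ("and", "or") else ()):
        subterms(child, acc)
    return acc

def structure_graph(system, root):
    """Return (root, decoration, successors), restricted to nodes reachable from root."""
    rhs = {x: f for _, x, f in system}
    rank = ranks(system)
    nodes = subterms(root, set())
    for x, f in rhs.items():
        subterms(f, nodes).add(var(x))

    def operator(t):
        # "and"/"or" decoration; a variable inherits it from its right-hand side
        top = rhs[t[1]][0] if t[0] == "var" else t[0]
        return top if top in ("and", "or") else None

    def decoration(t):
        d = {operator(t)} - {None}
        if t[0] in ("true", "false"):
            d.add(t[0])
        if t[0] == "var":
            d.add(rank[t[1]])
        return frozenset(d)

    succ = {t: set() for t in nodes}
    changed = True
    while changed:                       # least fixed point of the transition rules
        changed = False
        for t in nodes:
            children = [rhs[t[1]]] if t[0] == "var" else list(t[1:])
            new = set()
            for s in children:
                if operator(t) and operator(s) == operator(t):
                    new |= succ[s]       # same operator: flatten, inherit successors
                else:
                    new.add(s)           # operator changes or is absent: depend on s
            if not new <= succ[t]:
                succ[t] |= new
                changed = True
    reach, todo = set(), [root]
    while todo:
        t = todo.pop()
        if t not in reach:
            reach.add(t)
            todo.extend(succ[t])
    return root, {t: decoration(t) for t in reach}, {t: succ[t] for t in reach}

def number(signature):
    """Replace each distinct signature by a small integer block identifier."""
    ids = {}
    return {n: ids.setdefault(s, len(ids)) for n, s in signature.items()}

def bisimilar(g, h):
    """Definition 3.2, decided by partition refinement on the disjoint union."""
    graphs = (g, h)
    deco = {(i, t): gr[1][t] for i, gr in enumerate(graphs) for t in gr[1]}
    succ = {(i, t): {(i, u) for u in gr[2][t]}
            for i, gr in enumerate(graphs) for t in gr[2]}
    block = number(deco)                 # initial partition: equal decorations
    while True:
        refined = number({n: (block[n], frozenset(block[m] for m in succ[n]))
                          for n in succ})
        if len(set(refined.values())) == len(set(block.values())):
            return refined[(0, g[0])] == refined[(1, h[0])]
        block = refined

# Constructed context: X, Y and Z get ranks 1, 2 and 3 as in the text.
CONTEXT = [("mu", "X", var("X")), ("nu", "Y", var("Y")), ("mu", "Z", var("Z"))]
X, Y, Z = var("X"), var("Y"), var("Z")

def graph(formula):
    return structure_graph(CONTEXT, formula)

if __name__ == "__main__":
    print("associativity:", bisimilar(graph(conj(conj(X, Y), Z)), graph(conj(X, conj(Y, Z)))))
    print("commutativity:", bisimilar(graph(disj(X, Y)), graph(disj(Y, X))))
    print("idempotency:  ", bisimilar(graph(conj(X, X)), graph(X)))
```
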

Theorem 3.9. Let $\mathcal{E}$ be a non-empty, closed equation system, and let $\mathcal{E}'$ be the equation system obtained 
by transforming $\mathcal{G}_{\mathcal{E}}$ into an equation system. Then there is a total bijective mapping $h : \mathsf{bnd}(\mathcal{E}) \to 
\mathsf{bnd}(\mathcal{E}')$ such that for all $X \in \mathsf{bnd}(\mathcal{E})$: $[\![\mathcal{E}]\!](X) = [\![\mathcal{E}']\!](h(X))$. 

Proof. The mapping $h$ that maps variable $Y \in \mathsf{bnd}(\mathcal{E})$ to the variable $X_Y \in \mathsf{bnd}(\mathcal{E}')$ is such a total 
bijective mapping. The equalities $[\![\mathcal{E}]\!](X) = [\![\mathcal{E}']\!](h(X))$ (for $X \in \mathsf{bnd}(\mathcal{E})$) follow from the construction 
described in Section 3.1. □ 

Next, we study the relationship between the structure graphs as used for the Boolean equation systems 
in SRF and Boolean equation systems. Given a total order $<$ on $\mathcal{X}$, there is an embedding $h$ of 
formulae in the syntax of the right-hand sides of equation systems in SRF in formulae in the syntax of 
equation systems. 

$$h(X) = X;$$

$$h(\bigwedge\{X\}) = X \wedge X; \qquad h(\bigvee\{X\}) = X \vee X;$$

$$h(\bigwedge F) = \min(F) \wedge h(\bigwedge(F \setminus \{\min(F)\})); \qquad h(\bigvee F) = \min(F) \vee h(\bigvee(F \setminus \{\min(F)\}));$$
where $F \subseteq \mathcal{X}$ such that $|F| \geq 2$ and $\min(F)$ denotes the least element of $F$ w.r.t. $<$. This embedding is 
easily lifted to the level of the equation systems themselves. Note that an artefact of the above transformation 
is that the right-hand side $\bigwedge\{X, Y\}$, assuming that $X < Y$, is transformed into $X \wedge (Y \wedge Y)$. 

Theorem 3.10. For an equation system $\mathcal{E}$ in SRF, $\mathcal{G}_{\mathcal{E}} \mathrel{\underline{\leftrightarrow}} \mathcal{G}_{h(\mathcal{E})}$. 

Proof. The mapping $h$ (as a relation) is a bisimulation relation that proves $\mathcal{G}_{\mathcal{E}} \mathrel{\underline{\leftrightarrow}} \mathcal{G}_{h(\mathcal{E})}$. □ 

4 Preservation and Reflection of Solution under Bisimilarity 

In the previous section, we showed that there is a natural correspondence between structure graphs for 
equation systems in SRF and their dependency graphs. We tighten this result by showing that bisimilarity 
on structure graphs is a congruence for normalisation (a process similar to the transformation of an 
equation system into SRF). As a consequence, this result allows us to reuse the results of [7] and prove 
that for each pair of bisimilar nodes, both nodes have the same truth-value. 

4.1 true/false-Elimination 

Since we strive to reuse some of the results pertaining to the dependency graphs, it is useful to define an 
operator on equation systems that replaces occurrences of nodes representing true or false by nodes 
representing proposition variables. This operator reduce is defined by the following deduction rules. 

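$$\frac{t\,\blacktriangle}{\mathrm{reduce}(t)\,\blacktriangle} \qquad \frac{t\,\blacktriangledown}{\mathrm{reduce}(t)\,\blacktriangledown} \qquad \frac{\neg t\top \quad \neg t\bot \quad t \to u}{\mathrm{reduce}(t) \to \mathrm{reduce}(u)} \qquad \frac{\neg t\top \quad \neg t\bot \quad t \pitchfork n}{\mathrm{reduce}(t) \pitchfork n}$$

$$\frac{t\top}{\mathrm{reduce}(t) \to \mathrm{reduce}(t)} \qquad \frac{t\top}{\mathrm{reduce}(t) \pitchfork 0} \qquad \frac{t\bot}{\mathrm{reduce}(t) \to \mathrm{reduce}(t)} \qquad \frac{t\bot}{\mathrm{reduce}(t) \pitchfork 1}$$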

Observe that bisimilarity is a congruence for reduce, and that the operation preserves and reflects the 
solution of the original equation system. In the remainder of Section 4 we assume that operation reduce 
has been applied to all equation systems. 

4.2 Normalisation 

In structure graphs underlying an equation system, terms that are decorated by ranks typically occur 
as left-hand sides in equations, whereas the non-ranked terms occur as subterms in right-hand sides of 
equations with mixed occurrences of $\wedge$ and $\vee$. Normalisation of an equation system can be achieved 
by introducing a new equation for subterms in which the top-level Boolean operator differs from the 
top-level operator of the term it occurs in: an equation $\sigma X = Y \wedge (Z \vee W)$ in an equation system is turned 
into $\sigma X = Y \wedge Z'$, and an additional equation $\sigma' Z' = Z \vee W$ is introduced in the equation system. In 
choosing the location (or, formally, its rank) of this new equation, one has some degree of freedom (see 
Lemma 2.4). We choose to assign a rank based on the rank that is assigned to its successors in the 
structure graph. This is formalised by the following set of deduction rules: 

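$$\frac{t\,\blacktriangle}{\mathrm{norm}(t)\,\blacktriangle} \qquad \frac{t\,\blacktriangledown}{\mathrm{norm}(t)\,\blacktriangledown} \qquad \frac{t \to u}{\mathrm{norm}(t) \to \mathrm{norm}(u)} \qquad \frac{t \pitchfork n}{\mathrm{norm}(t) \pitchfork n}$$

$$\frac{\neg t \pitchfork \quad t \to u \quad \mathrm{norm}(u) \pitchfork n \quad \forall v : (t \to v \implies \mathrm{norm}(v) \pitchfork m \wedge m \leq n)}{\mathrm{norm}(t) \pitchfork n}$$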

The last deduction rule expresses that in case a node t does not have a rank, a rank is associated to the 
normalised version of t. This rank is the maximal rank of all successors of t (after ranking these as well). 
Observe that, by construction, a non-ranked node can not have a transition to itself. Note that the premise 
of the last deduction rule is not only expressed in terms of transitions, predicates and negative versions 
thereof, but also utilises logical connectives and even a universal quantification. Syntax and semantics 
of such complex premises are taken from [13]. 

Normalisation typically preserves and reflects the solution to an equation system, in the sense that 
the Boolean value of all proposition variables, bound in the original equation system, remains unchanged 
by the operation (modulo naming of the proposition variables). This is formalised by the lemma below. 
^norm(c?) denotes the structure graph ^ jnorm (x) where X is the least variable w.r.t. s^. 

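Lemma 4.1. Let $\mathcal{E}$ be a non-empty, closed equation system, and let $\mathcal{E}_{\mathrm{norm}}$ be the equation system 
obtained by transforming $\mathcal{G}_{\mathrm{norm}(\mathcal{E})}$ into an equation system. Then there is a total injective mapping 
$h : \mathrm{bnd}(\mathcal{E}) \to \mathrm{bnd}(\mathcal{E}_{\mathrm{norm}})$ such that for all $X \in \mathrm{bnd}(\mathcal{E})$: $[\![\mathcal{E}]\!](X) = [\![\mathcal{E}_{\mathrm{norm}}]\!](h(X))$. 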



Proof. The proof follows from the deduction rules, in combination with Lemmata 2.4 and 2.7. □ 



Example 4.2. The structure graph of the equation system of Example 3.7 (see left below), and the 
structure graph of the normalisation of the same equation system (see right below). Observe that the 
term $Y \wedge X$, which, before normalisation is unranked, inherits the maximal rank of successors $Y$ and $X$. 

[Figure, left: structure graph of the equation system of Example 3.7, with nodes X ∧ Y (▲), Y (rank 2), 
X (rank 1), Z (rank 3) and W (rank 3). Right: structure graph of its normalisation, with nodes 
norm(X ∧ Y) (▲, rank 2), norm(X) (rank 1), norm(Y) (rank 2), norm(Z) (rank 3) and norm(W) (rank 3).] 

According to Lemma 4.1 the equations for nodes X and norm(X) have the same solution. □ 



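Lemma 4.3. Let $\mathcal{E}$ and $\mathcal{E}'$ be non-empty closed equation systems. If $\mathcal{G}_{\mathcal{E}}$ and $\mathcal{G}_{\mathcal{E}'}$ are bisimilar, then also 
$\mathcal{G}_{\mathrm{norm}(\mathcal{E})}$ and $\mathcal{G}_{\mathrm{norm}(\mathcal{E}')}$ are bisimilar. 

Proof. Any bisimulation relation $\mathcal{R}$ witnessing $\mathcal{G}_{\mathcal{E}} \mathrel{\underline{\leftrightarrow}} \mathcal{G}_{\mathcal{E}'}$ induces a witness for $\mathcal{G}_{\mathrm{norm}(\mathcal{E})} \mathrel{\underline{\leftrightarrow}} \mathcal{G}_{\mathrm{norm}(\mathcal{E}')}$. □ 

Lemma 4.4. Let $\mathcal{E}$ be a non-empty closed equation system. Then there is an equation system $\mathcal{E}'$ in SRF 
with $\mathcal{G}_{\mathrm{norm}(\mathcal{E})} \mathrel{\underline{\leftrightarrow}} \mathcal{G}_{\mathcal{E}'}$. 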

Proof. The structure graph of $\mathcal{E}$ is easily transformed into an equation system in SRF as described 
previously. Observe that, since all nodes of $\mathcal{G}_{\mathrm{norm}(\mathcal{E})}$ are ranked, each equation $(\sigma X = f)$ in $\mathcal{E}'$ has 
a right-hand side formula $f$ with at most one type of Boolean operator, and the structure graph of a 
non-empty, closed equation system is BESsy by definition. □ 

4.3 Bisimilarity Implies Solution Equivalence 

The theorem below states our main result, proving that equations that induce bisimilar structure graphs 
essentially have the same solution. This allows one to safely use bisimulation minimisation of the un- 
derlying structure graph of an equation system, and solve the resulting equation system instead. The 
proof of this theorem relies on the connections between normalisation, equation systems in SRF, and the 
results of Q. 

Theorem 4.5. Let $\mathcal{E}$ and $\mathcal{E}'$ be non-empty, closed equation systems. Then for every pair of bisimilar 
formulas $f$ w.r.t. $\mathcal{G}_{\mathcal{E}}$ and $f'$ w.r.t. $\mathcal{G}_{\mathcal{E}'}$, also $[\![f]\!][\![\mathcal{E}]\!] = [\![f']\!][\![\mathcal{E}']\!]$. 

Proof. By Lemma 4.3 it follows that for each pair $f$ w.r.t. $\mathcal{G}_{\mathcal{E}}$ and $f'$ w.r.t. $\mathcal{G}_{\mathcal{E}'}$ of bisimilar nodes, the 
nodes norm($f$) and norm($f'$) are bisimilar. As a consequence of Lemma 4.4 we find that there must 
exist a closed equation system in SRF with a structure graph that is bisimilar to norm($f$). Likewise for 
norm($f'$). Since $\underline{\leftrightarrow}$ is an equivalence relation, the structure graphs of the equation systems in SRF are 
again bisimilar. By Theorem 1 in Q, we find that this implies that norm($f$) and norm($f'$) have the same 
solution. Since normalisation preserves and reflects the solution of the original equation system, see 
Lemma 4.1, we find that $f$ and $f'$ have the same solution. □ 



5 Application 

Equation systems with non-trivial right-hand sides (i.e., equation systems with equations with 
right-hand sides containing both $\wedge$ and $\vee$) occur naturally in the context of process equivalence checking 
problems such as the branching bisimulation problem (see e.g. [1]) and the more involved model checking 
problems. As a slightly more elaborate example of the latter, we consider a $\mu$-calculus model checking 
problem involving an unreliable channel. The channel can read messages from the environment, and 
send or lose these next. In case the message is lost, subsequent attempts are made to send the message 
until this finally succeeds. The labeled transition system modelling this system is given below. 



[Figure: labeled transition system of the unreliable channel.] 




Suppose we wish to know for which states it holds whether along all paths consisting of reading and 
sending actions, it is infinitely often possible to potentially never perform a send action. Intuitively, this 
should be the case in all states: from states $s_0$ and $s_1$, there is a finite path leading to state $s_1$, which 
can subsequently produce the infinite path $(s_1\, s_2)^\omega$, along which the send action does not occur. For 
state $s_2$, we observe that there is no path consisting of reading and writing actions, so the property holds 
vacuously in $s_2$. We formalise this problem as follows:¹ 

$$\phi = \nu X.\mu Y.\big(([r]X \wedge [s]X \wedge (\nu Z.\langle \bar{s} \rangle Z)) \vee ([r]Y \wedge [s]Y)\big)$$

Using the translation of Mader [9] of the model checking problem into equation systems, the equation 
system given below is obtained. The solution to $X_{s_i}$ answers whether $s_i \models \phi$. 

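$(\nu X_{s_0} = Y_{s_0})$ $(\nu X_{s_1} = Y_{s_1})$ $(\nu X_{s_2} = Y_{s_2})$ 

$(\mu Y_{s_0} = (X_{s_1} \wedge Z_{s_0}) \vee Y_{s_1})$ $(\mu Y_{s_1} = (X_{s_0} \wedge Z_{s_1}) \vee Y_{s_0})$ $(\mu Y_{s_2} = \mathsf{true})$ 

$(\nu Z_{s_0} = Z_{s_1})$ $(\nu Z_{s_1} = Z_{s_2})$ $(\nu Z_{s_2} = Z_{s_1})$ 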

¹ Alternative phrasings are possible, but this one nicely projects onto an equation system with non-trivial right-hand sides, 
clearly illustrating the theory outlined in the previous sections in an example of manageable proportions. 

The structure graph underlying the above equation system, restricted to those parts reachable from the 
bound variables of the equation system, is depicted below: 



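[Figure: structure graph of the equation system above, with the variable nodes $X_{s_i}$ (rank 0), 
$Y_{s_i}$ (rank 1) and $Z_{s_i}$ (rank 2), the ▲-nodes $X_{s_1} \wedge Z_{s_0}$ and $X_{s_0} \wedge Z_{s_1}$, and the node true (⊤).] 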



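Observe that we have $X_{s_0} \mathrel{\underline{\leftrightarrow}} X_{s_1}$, $Z_{s_0} \mathrel{\underline{\leftrightarrow}} Z_{s_1} \mathrel{\underline{\leftrightarrow}} Z_{s_2}$, $Y_{s_0} \mathrel{\underline{\leftrightarrow}} Y_{s_1}$ and $X_{s_0} \wedge Z_{s_1} \mathrel{\underline{\leftrightarrow}} X_{s_1} \wedge Z_{s_0}$. Minimising the 
above structure graph with respect to bisimulation leads to the structure graph depicted below: 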




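[Figure: minimised structure graph, with nodes including $[X_{s_1} \wedge Z_{s_0}]_{/\underline{\leftrightarrow}}$ (▲), $[Z_{s_0}]_{/\underline{\leftrightarrow}}$ (rank 2), 
$[Y_{s_2}]_{/\underline{\leftrightarrow}}$ (rank 1) and true (⊤).] 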



Note that the structure graph is BESsy, and, hence, admits a translation back to an equation system. 
Using the translation provided in Definition 3.3 results in the following equation system: 

^ol/« = ^ol/« A % ]/«) V % ]/«) = tme ) 

(»*[z„] /a = x [z. t0 ]/«) 

Answering the global model checking problem can thus be achieved by solving 6 equations rather than 
the original 9 equations. Using standard algorithms for solving equation systems, one quickly finds that 
all variables $X_{[v]_{/\underline{\leftrightarrow}}}$ of the minimised equation system (and thus all nine original proposition variables) 
have value true. Note that the respective sizes of the equation systems are 26 before minimisation 
and 14 after minimisation, which is slightly less than a 50% gain. Such gains appear to be typical in 
this setting (see also [7]), and seem to surpass those in the setting of labeled transition systems; observe, 
moreover, that the original labeled transition system already is minimal, demonstrating once more that the 
minimisation of an equation system can be more effective than minimising the original labeled transition 
system. 
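
The minimisation argument of this section, checked on the nine equations above, as an added example that is not code from the paper: it builds a simplified structure graph, computes its bisimulation classes by signature refinement, and solves both the graph and its quotient. The names `Xs0` to `Zs2`, the tuple encoding, the omission of term flattening and the nested fixed-point solver are assumptions made for this illustration.

```python
# Constructed input: the nine equations of Section 5 as (sign, variable, rhs); rhs is
# a variable name or (operator, operand, ...), and a constant has no operands.
BES = [("nu", "Xs0", "Ys0"), ("nu", "Xs1", "Ys1"), ("nu", "Xs2", "Ys2"),
       ("mu", "Ys0", ("or", ("and", "Xs1", "Zs0"), "Ys1")),
       ("mu", "Ys1", ("or", ("and", "Xs0", "Zs1"), "Ys0")), ("mu", "Ys2", ("true",)),
       ("nu", "Zs0", "Zs1"), ("nu", "Zs1", "Zs2"), ("nu", "Zs2", "Zs1")]

def structure_graph(bes):              # node -> (rank or None, decoration, successors)
    g, rank, prev = {}, None, None
    def add(t):                        # unranked node per subterm (not flattened: simplification)
        if isinstance(t, tuple):
            g[t] = (None, t[0], tuple(add(a) for a in t[1:]))
        return t
    for sign, x, rhs in bes:           # nu-blocks get even ranks, mu-blocks odd ones
        if sign != prev:
            rank, prev = (int(sign == "mu") if rank is None else rank + 1), sign
        op = isinstance(rhs, tuple) and len(rhs) > 1
        g[x] = (rank, rhs[0] if op else None,
                tuple(add(a) for a in (rhs[1:] if op else (rhs,))))
    return g

def bisim_classes(g):                  # coarsest partition on rank, decoration, successors
    block = {n: g[n][:2] for n in g}
    while True:
        sig = {n: (block[n], frozenset(block[s] for s in g[n][2])) for n in g}
        ids = {s: i for i, s in enumerate(set(sig.values()))}
        new = {n: ids[sig[n]] for n in g}
        if len(ids) == len(set(block.values())):
            return new
        block = new

def quotient(g, cls):                  # one node per class, edges between classes
    return {cls[n]: g[n][:2] + (tuple({cls[s] for s in g[n][2]}),) for n in g}

def rhs_value(g, n, env):              # value of node n's right-hand side under env
    _, decor, succ = g[n]
    vals = [rhs_value(g, s, env) if g[s][0] is None else env[s] for s in succ]
    return any(vals) if decor in ("or", "false") else all(vals)

def solve(g):                          # nested fixed points, lowest rank outermost
    order = sorted((n for n in g if g[n][0] is not None), key=lambda n: g[n][0])
    def go(i, env):
        if i == len(order):
            return env
        x, val = order[i], g[order[i]][0] % 2 == 0      # nu starts at True, mu at False
        sol = go(i + 1, {**env, x: val})
        if rhs_value(g, x, sol) != val:                 # rhs is monotone: one flip settles it
            sol = go(i + 1, {**env, x: not val})
        return sol
    return go(0, {})
```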



6 Conclusions 

We presented a set of deduction rules for projecting the essential information underlying Boolean 
equation systems onto so-called structure graphs. These graphs generalise the dependency graphs of [6, 7], 
which capture the dependencies of closed equation systems in standard recursive form (SRF). We showed 
that a minimisation of closed equation systems can be achieved through a bisimulation minimisation of 
the underlying structure graphs, and that this minimisation is sound: the minimised equation system 
reflects and preserves the solution of the original equation system. This generalises the results of [7], in 
which minimisation was possible only after bringing the closed equation system into SRF. The practical 
significance of minimisation of closed equation systems in SRF was already addressed in Q. 

The work we have presented serves as a starting point for further investigations. While we have not 
studied the problem of minimisation of open equation systems, extending our work in this direction is not 
likely to raise problems of any significance, as our structure graphs (with only small modifications) seem 
adequate for capturing and reasoning about unbound variables. Both from a theoretical and a practical 
point of view, the study of weaker equivalences on structure graphs is of importance. It is not fully 
clear whether the idempotence-identifying bisimilarity of 0, which weakens some of the requirements 
of strong bisimilarity, carries over to structure graphs without significant modifications. For equation 
systems in SRF, this type of bisimulation solves, among others, the idempotency problem that equations 
$\sigma X = X \wedge X$ and $\sigma X = X$ are unrelated by strong bisimulation. Furthermore, it would be very interesting 
to study variations of stuttering equivalence in this context. 

Finally, we consider a thorough understanding of the structure graphs for BESs, and the associated 
notions of bisimilarity defined thereon, as a first step towards defining similar-spirited notions in the 
setting of parameterised Boolean equation systems flU. The latter are high-level, symbolic descriptions 
of Boolean equation systems. The advantage of such a theory would be that it would lead to elegant, short 
proofs of various PBES manipulations that currently require lengthy and tedious (transfinite) inductive 
proofs. 

Acknowledgements. We thank Jeroen Keiren for his valuable comments on a preliminary version. 